I would enable split tunneling for the networks you need and set the concentrator logs up to see what is going on. I have pasted a little dialogue below on what logs to turn on. You can probably get a good idea of what is going on from this.
In the concentrator we go to Configuration -> System -> Events -> Classes. Delete any classes in there right now. Click on add and under class name find IKE, on the severity to log select 1-9. Do the same for IKEDBG. Now find IKEDecode in the list and and select 1-13 on severity to log. Now you select IPSEC and put it at 1-9. Do the same with IPSECDBG. Select IPSECDECODE and put it at 1-13. Now that you have those 6 classes added we will see in more detail what is going on. Thanks, Robert Raver Cisco Systems Inc. ----- Original Message ----- From: "John Brandis" To: Sent: Monday, November 18, 2002 1:50 PM Subject: RE: Cisco 3005 VPN concentrator issues. [7:57495] > I had the similar type of problem, remote users (broadband) would lose > connectivity and get the remote peer not respondin, your ipsec session has > been termintated error. The problem that I had, was with the broadband ISP, > in this case Telstra. Telstra use a bpa hart beat packet, just so Telstra > knows that the dsl customer is still there. Should telstra not get this > packet, they drop the dsl connection, thus terminating your vpn session. > Also, you may want to check your session time-out variable. > > I resolved my error by splitting the networks, as previously I had tunnel > everything. > > john > > -----Original Message----- > From: Umar Ahmed [mailto:[EMAIL PROTECTED]] > Sent: Friday, 15 November 2002 8:00 PM > To: [EMAIL PROTECTED] > Subject: Cisco 3005 VPN concentrator issues. [7:57495] > > > Hi all, > > Ive got a customer who has a 3005 concentrator connected to our network. He > has setup a vpn connection which he accesses from home over the public > internet. The problem he and the other 200 users are having is that they are > loosing connectivity to the box intermittently throughtout the day. When he > has loss of service, I can ping the vpn box directly connected to my > network, whats even more strange, is that I can ping other customer hosts on > the same subnet . Any ideas ?? > > Regards, > > Umar. > ********************************************************************** > > visit http://www.solution6.com > > UK Customers - http://www.solution6.co.uk > > ********************************************************************** > > The Solution 6 Head Office and Branch in Sydney is moving premises. > > >From Monday 25th November our Head Office and NSW Branch will be located at: > > Level 14, 383 Kent Street, Sydney NSW 2000. > > General Phone: 61 2 9278 0666 > > General Fax: 61 2 9278 0555 > > ********************************************************************** > > This email message (and attachments) may contain information that is > confidential to Solution 6. If you are not the intended recipient you cannot > use, distribute or copy the message or attachments. In such a case, please > notify the sender by return email immediately and erase all copies of the > message and attachments. Opinions, conclusions and other information in > this message and attachments that do not relate to the official business of > Solution 6 are neither given nor endorsed by it. > > ********************************************************************* Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57645&t=57495 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
